Rails has_secure_password change BCrypt cost factor (aka work factor)

StackOverflow https://stackoverflow.com/questions/21265280

Question

When using has_secure password in rails, how can I change the default cost factor BCrypt uses when creating the password digests?

I'd like to do this because the default cost factor used -- 10 -- is apparently a bit low (this post recommends setting it to 12 at least).

Was it helpful?

Solution

This can be accomplished by putting the following code in your config file (e.g. production.rb, development.rb, test.rb, application.rb, etc.)

require 'bcrypt'
BCrypt::Engine::DEFAULT_COST = 12

Note that you can check your password digests to see what cost factor was used when encrypting them. E.g. in 

$2a$12$k50jCqk8Bijj.wYxg69QBOg.t4VNMj/VmSkPCfeWWoOW

the cost factor is 12 the number immediately following the second $

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top